Cisco ProtectLink™ Gateway 1.0 - Admin Guide

8/9/2019 Cisco ProtectLink Gateway 1.0 - Admin Guide

1/82

Cisco Small Business

Cisco ProtectLink Gateway 1.0

ADMINISTRATION

GUIDE


2/82

2009 Cisco Systems, Inc. All rights reserved. OL-21459-01

CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco Ironport, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower,

Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flip Video, Flip Video

(Design), Flipshare (Design), Flip Ultra, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Store, and

Flip Gift Card are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP,CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity,

Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS,

iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking

Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to

Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States

and certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a

partnership relationship between Cisco and any other company. (0907R)


3/82

Cisco ProtectLink Gateway Administration Guide 3

Contents

Chapter 1: An Introduction to Cisco ProtectLink Gateway 5

ProtectLink Gateway Overview 5

How Protect Link Gateway Works 6

Web Protection 6

Email Protection 9

How Email Protection Works 10

Email Protection in a Standard Service 11

Benefits of Using ProtectLink Gateway 12

Chapter 2: Deploying the Cisco ProtectLink Gateway 13

ProtectLink Gateway System Requirements 13

Email Protection 13

Web Protection 14

Setting Up the Router and Upgrading the Firmware 14

Using the ProtectLink Home Page in the Configuration Utility 15

Registering ProtectLink Gateway 15

Activating ProtectLink Gateway 24

Rerouting Your Mail through ProtectLink Gateway 26

Chapter 3: Configuring Cisco ProtectLink Gateway 27

Configuring Approved Clients 28

Configuring Approved URLS 29

Configuring Overflow Control 31

Configuring Web Threat Protection (Web Reputation) 32

Configuring URL Filtering 33

License Status and Renewal 35

Reviewing the License Status 36

Renewing a License 37

Adding Seats 44

Enabling the System Log and Outbound Blocking Event Log 51


4/82


Contents

Chapter 4: Configuring and Managing Email Protection 54

Launching the Web Portal for Email Protection 54

Features of the IMHS Web Portal 56

Viewing Reports 57

Working with Policies 59

Managing the Approved Senders 63

Managing the Quarantined Messages 65

Configuring the Summary Digest Mail for the Quarantine 66

Working with the Mail Tracking Logs 69

Administration Tasks in the IMHS Console 71Managing Passwords 71

Importing User Directories 74

Co-Branding to Display a Company Logo in the Web Portal 76

Appendix 5: Terminology 78

Viruses/Malware 78

Spyware/Grayware 79

Spam 80

Phishing Incidents 80

Mass-Mailing Attacks 81

Appendix A: Where to Go From Here 82


5/82

1


An Introduction to Cisco ProtectLink Gateway

This chapter includes the following topics:

ProtectLink Gateway Overview, page 5

Web Protection, page 6

Email Protection, page 9

Benefits of Using ProtectLink Gateway, page 12

ProtectLink Gateway Overview

Use Cisco ProtectLink Gateway to provide comprehensive spam and web

protection at your Cisco Small Business router or security appliance. This service

integrates anti-spam with antivirus and anti-spyware, and Web Reputation with

URL Filtering. As a result, your network is protected from email threats in theInternet cloud and web threats in the router or security appliance, providing

access only to email and websites that are appropriate for your business.

As a hosted service, ProtectLink Gateway provides significant benefits over an on-

site solution:

Keeps email and website threats completely off the network.

Preserves Internet connection bandwidth and reduces storage.

Decreases on-site hardware and software maintenance.

Optimizes protection with updates and tuning by Cisco.

Reduces infrastructure costs, while easing deployment and administration.


6/82


Web Protection


1

How Protect Link Gateway Works

Figure1 shows the flow of website and email traffic as it moves from the Internet

through the Cisco ProtectLink Gateway Service and the router or securityappliance.

The router or security appliance blocks the website threats.

The ProtectLink Gateway Service stops email threats in the cloud by

leveraging the Trend Micro IMHS capabilities.

Figure1 How ProtectLink Works

Additional product information is available at the following URL:

www.cisco.com/go/protectlink

Web Protection

Many companies have corporate policies that prohibit access to websites that thecompany considers non-work related. Cisco has designed the Web Protection

function to prevent users from accessing such sites.

Web Protection manages and protects employee Internet use by blocking access

to non-work-related and malicious websites. Web Protection does the following:

Manage employee Internet use: Allows system administrators to set

Internet-use policies for the company.
http://-/?-http://www.cisco.com/go/protectlinkhttp://-/?-http://www.cisco.com/go/protectlink


7/82


Web Protection


1

Categorize websites in real time: Employs dynamic rating technology to

categorize websites while users browse.

Block malicious websites in real time: Uses an extensive database todetermine the reputation of a requested URL and blocks the URL, if

required.

Offer flexible filtering options: Filters by category, time periods, and days

of the week.

When a user requests access to a URL, ProtectLink Gateway checks the URL

against the Trend Micro URL Rating database (located in the cloud at Trend Micro

facilities). After the URL Rating database returns a rating, ProtectLink Gateway

checks the URL against the company-defined restricted categories. If the rating

returned by the URL Rating database matches one of the predefined categories,

ProtectLink Gateway denies access to the website.

Web Protection also evaluates the potential security risk of any requested URL by

querying the web security database at the time of each HTTP request. Depending

on the Reputation Score of the website and the configured Security Level, Web

Protection blocks websites that are known or suspected to be a threat.

Reputation Score:This score determines whether a website is a threat or

not. Cisco calculates the score using proprietary metrics. Based on the

score, Cisco categorizes a URL as likely to be a Web threat, very likely to

be a Web threat, or a Web threat. Cisco considers a URL safe to access if

its score exceeds the configured Security Level, which is explained below.

Security Levels:The configured Security Level and the Reputation Score

determine whether Web Protection will allow or block access to a URL.

Choose one of the following levels:

- High: Blocks a greater number of website threats but increases the risk

of false positives.

- Medium: Blocks most website threats and does not create too many

false positives. This is the recommended setting.

- Low: Blocks fewer website threats but reduces the risk of false

positives.

When ProtectLink Gateway blocks a website, it sends a notification message to

the browser to inform the user that access to the site is denied based on company

policy.

NOTE If the URL Rating database does not return a rating result in time, the default action

is to allow access to the URL.


8/82


Web Protection


1

The following figures, Figure 2 and Figure 3, illustrate the flow of tasks in this

process.

Figure 2 Web Protection WorkflowPart 1

Is URLFiltering of Web

Threat protectionenabled?

Is URLFiltering or Web

Threat Protectionenabled?

Is client'sIP address in

Approved Clientslist.

Yes

Yes

Yes

Yes

Yes

Yes Yes

Yes

No

No

No

No

No

No

No

Is queue full?

IsOverflow Control

set to temporarily blockURL requests?

Pass

Log event Block

Is URLFilterningenabled?

Is it abusiness

hour?

Is thecategoryblocked?

Note: Rf and Rw are variables thatdefine the criteria that determines

the final action.

Let Rf = False Let Rf = True

See Part 2

Is thecategoryblocked?

193288
http://-/?-http://-/?-http://-/?-http://-/?-


9/82


Email Protection


1

Figure 3 Web Protection Workflow - Part 2

Email Protection

This section includes the following topics:

How Email Protection Works, page10

Email Connection-Level Reputation-Based Filtering, page10

Email Protection in a Standard Service, page 11

Yes

Yes

Yes

Yes

No

No

No

No

From Part 1

Lowreputation

score

Lt Rw = False Let Rw = True

Is (Rf OR Rw) ==True?

Is URL inApproved

URL list?Log event

Note: Rf and Rw are variables thatdefine the criteria that determines

the final action.

Block Pass

193289

Is URLFiltering of Web

Threat protectionenabled?

Is URLFiltering or Web

Threat Protectionenabled?
http://-/?-http://-/?-


10/82


How Email Protection Works


1


The Cisco ProtectLink Gateway provides Email Protection through Trend MicroIMHS, a high-performance, cost-effective hosted security service that protects

businesses against spam, viruses, and inappropriate content before they reach the

network.

Email Protection proceeds in the following way when an email is sent to an email

address at your company:

1. The originating mail server looks up the domain name that is specified in theemail address.

2. Because your network is protected by IMHS, the Mail eXchange (MX) record for

your domain causes the email to be redirected to IMHS.3. IMHS servers accept the message and perform message filtering and policy

matching on your behalf.

4. Assuming that a message is deliverable, the IMHS servers route the message toyour email servers.

Additionally, two layers of protection are provided:

Email Connection-Level Reputation-Based Filtering, page10

Email Content-Based Filtering, page11

Email Connection-Level Reputation-Based Filtering

When an email server attempts to connect to an Email Protection server, the Email

Protection server queries the Email Reputation Services (ERS) to determine

whether the IP address of the sender is trustworthy. Thus, Email Protection

performs this first level of filtering prior to receiving the actual message. The

content of the message is not scanned at this point.


11/82




1

The following tasks occur during the Email Protection process:

If the sending server's IP address is a known source of spam, the sending

servers IP address will be marked as untrustworthy. Email Protectionpermanently rejects connection attempts from this IP address.

If the senders computer is part of a botnet or is a zombie computer (both

jargon terms for networks or computers that send malicious email

automatically), the IP address will be in the ERS dynamic database. The ERS

dynamic database identifies spam sources as they emerge and continues

to track them for as long as they are active. Email Protection informs the

sending server that the server is temporarily unavailable.

If it the server is legitimate, the server tries to re-send the message to the

destination email server.

Email Content-Based Filtering

After the message passes the first layer of protection, Email Protection examines

the message contents to determine whether the email is spam or contains a threat

The hosted service integrates anti-spam with antivirus, anti-phishing, and anti-

spyware technologies.

Email Protection in a Standard Service

ProtectLink Gateways Email Protection is provided as a Standard service-leveloffering through Trend Micro IMHS. As a Standard service, ProtectLink Gateways

Email Protection provides the following features:

A simplified management console, which has pre-set protection defaults

and is updated and tuned by Cisco.

Multi-tiered anti-spam, antivirus, and anti-phishing protection for inbound

email traffic, with streamlined management for complete security requiring

minimal administration.

The administrator can quickly create white lists of approved senders

designated by email address or domain.

Access to reports, email tracking, and password administration. Internet-

based End-User Quarantine is also available for easy management.


12/82


Benefits of Using ProtectLink Gateway


1

Benefits of Using ProtectLink Gateway

Hosted services provide significant benefits over an on-site solution:

Keeps email and website threats completely off the network.

Preserves Internet connection bandwidth.

Decreases on-site hardware and software.

Optimizes protection with updates and tuning by Cisco.

Reduces infrastructure costs, while easing deployment and administration.


13/82

2


Deploying the Cisco ProtectLink Gateway

You can deploy the Cisco ProtectLink Gateway through the straightforward

process described in the following sections:

ProtectLink Gateway System Requirements, page13

Setting Up the Router and Upgrading the Firmware, page14

Registering ProtectLink Gateway, page 15

Activating ProtectLink Gateway, page 24

Rerouting Your Mail through ProtectLink Gateway, page 26

ProtectLink Gateway System Requirements

Before you deploy ProtectLink Gateway, make sure that your system meets the

requirements for Email Protection and Web Protection, as described below.

Email Protection

Email Protection does not require you to purchase additional hardware (other than

your mail gateway and router) located on your premises. All scanning hardware is

located offsite at Trend Micros secure network operating centers. To access the

Email Protection Administration console, a personal computer with access to the

Internet is required:

Web Browser: Microsoft Internet Explorer 6.x or 7.0 or Mozilla Firefox2.x or 3.0

Internet connection

Access to the MX records on the DNS server in order to reroute email

messages to Trend Micro servers. Contact your Internet Service Provider

for more information or for help with the configuration.


14/82


Setting Up the Router and Upgrading the Firmware


2

WARNING Do not redirect your MX record until you receive confirmation that your account has

been established. If you redirect your MX record before your account is set up, youremail messages may be lost.

Web Protection

Web Protection does not require any additional hardware (other than your router)

located at your premises.

Setting Up the Router and Upgrading the Firmware

Set up your router or security appliance and install the latest firmware by following

the instructions in the documentation for your device. With the latest firmware

installed, the Configuration Utility includes a ProtectLink module that you can find

in the menu bar. Refer to the following examples:

NOTE If ProtectLink is supported on your router or security appliance and you do not see

ProtectLink on the menu bar, upgrade the firmware. For more information, see the

administration guide for the device.


15/82


Using the ProtectLink Home Page in the Configuration Utility


2

Using the ProtectLink Home Page in the Configuration Utility

The Configuration Utility for your router or security appliance includes a page withlinks to the ProtectLink website. These links make it easy for you to buy, register,

and activate ProtectLink services.

NOTE For more information about the Configuration Utility, see the documentation for your

router or security appliance.

ClickProtectLink in the menu bar. On some models, also clickProtectLink in the

navigation tree.

The ProtectLink page appears. The links near the bottom of the page help you to

perform actions for ProtectLink services.

Registering ProtectLink Gateway

Register your service to activate your service and sign up for access to the web

portal for online administration.

NOTE Fully activating your service requires entering a list of the domains that you want to

redirect for hosting to IMHS. IMHS then becomes the primary mail host for the Emai

Protection portion of the ProtectLink Gateway service. If you do not have this

information, you can register the service now and add the missing information later.You will receive instructions in the post-registration email.

To register the service:

STEP 1 Launch the Configuration Utility for your router or security appliance, and then log

in.

STEP 2 Open the ProtectLink home page, as described in Using the ProtectLink Home

Page in the Configuration Utility, page15.

STEP 3 Click the link to register the product online. The link may read I have purchased

ProtectLink Gateway and want to register online or Register ProtectLinkservices and obtain an Activation Code (AC).


16/82




2

The Configuration Utility opens a new window in your web browser. The Register

Your Product page appears.


17/82




2

STEP 4 Enter your Registration Key, and then clickNext.

The Enter Registration Key page appears.


18/82




2

STEP 5 Enter additional Registration Keys, if necessary, and then clickContinue.

The Confirm License Terms page appears.

STEP 6 Read the License Terms carefully. If you agree to the terms, select I Accept, and

then clickSubmit.


19/82




2

The Confirm Product or Service Information page appears.


20/82




2

STEP 7 In the section Do you have Domain/IP address now?, choose one of the following

options:

Yes: Choose this option if you are ready to enter a list of the domains that youwant to redirect for hosting to IMHS. To fully activate your service you must

enter a list of your domains. Then enter each domain or IP address. If you

need to enter more than four domain names or IP addresses, contact Cisco

Support.

No: Choose this option if you are not ready to enter a list of the domains now

In this case, the system will use temporary settings. You can update this info

later by contacting Cisco support.

STEP 8 In the Messaging Environment section, enter the following information:

Number of Users: Enter the number of users that will be registered with theservice, according to your purchase agreement.

Answer the capacity planning question by choosing one of the following

options:

- Yes:Choose this option if you expect unusual message traffic or contenttypes that would generate increased traffic requirements. Enter an

explanation of your situation in the text entry box.

- No: Choose this option if you do not expect unusual message traffic or

content types.


21/82




2

The Registration Information page appears.


22/82




2

STEP 9 Enter your contact details in full, including your email address and Logon ID for

your company profile, and then clickSubmit.

The Confirm Registration page appears, with your contact and domain details.


23/82




2

STEP 10 Make sure the information is correct.

ClickEdit if you need to make changes.

If the information is correct, clickOK.

The Activation Code page appears with your Activation Code displayed. You may

print this page for your records.

STEP 11 In the future, you can visit https://olr.trendmicro.com/registration/ to view your

Online Registration Account or to register additional Cisco ProtectLink products.

STEP 12 ClickOK to finish the registration process.
https://olr.trendmicro.com/registration/https://olr.trendmicro.com/registration/


24/82


Activating ProtectLink Gateway


2


You should receive an email indicating you have successfully registered yourCisco ProtectLink Gateway service within 24 to 48 hours. The email will provide

you an Activation Code, affirm your Logon ID, and give you a temporary Password

for your company. You should change the password after you log on. You will also

be given instructions for providing your email domain(s) and mail server IP address

for redirection, if you did not complete that portion during the registration process

To activate the gateway:


in.

STEP 2 Open the ProtectLink home page, as described in Using the ProtectLink Home

Page in the Configuration Utility, page15.

STEP 3 At the bottom of the page, click the link to activate your service. The link may read

I have my Activation Code (AC) and want to activate ProtectLink Gateway or

Use the Activation Code (AC) to activate ProtectLink services.

The Configuration Utility opens a new window in your web browser. The Activate

Your Product > Step 1: Enter Activation Code page appears.


25/82




2

Enter your Activation Code, and then clickNext.

The Activate Your Product > Step 2: Verify Product Information page appears.

STEP 4 Verify that the details are correct. A message is displayed if the details need to be

corrected. You can clickBack and edit your details. If the details are correct, click

Next.


26/82


Rerouting Your Mail through ProtectLink Gateway


2

The Activate Your Product > Step 3: Finish Activation page appears. You have

successfully activated the product. Your service will be active by the next working

day.

Rerouting Your Mail through ProtectLink Gateway

After Trend Micro receives your activation details, Trend Micro sends you

additional emails.

The Web Protection Activation email provides a Logon ID and temporary

Password, along with instructions to customize Web Protection for your

company.

The Email Protection Activation email includes your IMHS Username and

temporary Password to access the IMHS web portal, with instructions on

how to redirect your Mail Exchange (MX) record.

When your Email Protection account is set up correctly, a Test Email is sent

to ensure that email messages can flow through the Trend Micro servers

properly.

NOTE If you did not provide the Domain Name and/or IP Address of your email server

during registration, your Email Protection account cannot be created. Follow the

instructions in the post-registration email to provide these details. Do not redirect

your MX record until you receive the test email that your account has been properly

established. If you redirect your MX record before your account is fully set up, your

email messages may be lost.


27/82

3


Configuring Cisco ProtectLink Gateway

After you have activated your account, configure your router for Web Protection

and Email Protection, as described in the following sections:

Configuring Approved Clients, page 28

Configuring Approved URLS, page 29

Configuring Overflow Control, page 31

Configuring Web Threat Protection (Web Reputation), page 32

Configuring URL Filtering, page 33

License Status and Renewal, page 35

Enabling the System Log and Outbound Blocking Event Log, page 51

NOTE Different models may have different configuration pages or may present the pages

in a different order than the topics appear in this guide. The above list helps you find

information about the tasks that you want to perform. Within the ConfigurationUtility, also use the online Help for information about a screen that you are viewing


28/82


Configuring Approved Clients


3

Configuring Approved Clients

The Approved Clients List details the computers that have unrestricted Webaccess. ProtectLink will approve all URL requests from the specified IP addresses.

The Web Protection settings will not apply to the Internet requests of any

computer whose IP address is in this list.

To configure Approved Clients:


in.

STEP 2 ClickProtectLinkon the menu bar, and then clickGlobal Settings > ApprovedClients in the navigation tree.

NOTE If your Configuration Utility does not include a left navigation tree, click

ProtectLink and then choose Web Protection. Then scroll down to the

Approved Clients area of the page. The layout will vary from the illustration

STEP 3 To enable this feature, check the Enable Approved Clients List box, and then click

Apply or Save Settings.

STEP 4 To add a new client, or multiple clients in an IP address range, clickAdd.NOTE Other options:To edit an entry, click the pencil button in the Edit

column. To delete an entry, click the check box and then clickDelete. To

select all entries in the table, check the box in the top left corner of the

heading row.


29/82


Configuring Approved URLS


3

STEP 5 To identify the client (or clients), enter the following information:

IP Address Type:Choose Single to enter one IP address, or choose Range

to specify a range of IP addresses.

Start IP Address: For Single, enter the IP address. For Range, enter the first

IP address in the range.

End IP Address: For Single, leave this field blank. For Range, enter the last IP

address in the range. ProtectLink will approve all URL requests from the

specified IP addresses. For example, 1.1.1.2 - 1.1.1.10 will approve all the IP

addresses that fall in the range.

STEP 6 ClickApply or Save Settings. The details will appear in the Approved Clients List

NOTE If your Configuration Utility includes all Web Protection settings on

one page, you can save the settings after configuring all of the desired

features on the page.


The Approved URLs List details the websites that always can be accessed. The

approved sites are defined by specific URLs or keywords within URLs.

To configure Approved URLs:


in.

STEP 2 ClickProtectLinkon the menu bar, and then clickGlobal Settings > ApprovedURLs in the navigation tree.


ProtectLink and then choose Web Protection. Then scroll down to the

Approved URLs area of the page. The layout will vary from the illustration.


30/82




3

STEP 3 To enable this feature, check the Enable Approved URLs List box, and then click

Apply.

STEP 4 To add a new URL or keyword to the list, clickAdd.

NOTE Other options:To edit an entry, click the pencil button in the Edit

column. To delete an entry, click the check box and then clickDelete. To

select all entries in the table, check the box in the top left corner of the

heading row.

STEP 5 To specify either the exact URL or a keyword, enter the following information:

URL: Type the exact URL for the site (for example, www.yahoo.com) or enterpartial URL for use as a keyword (for example,yahoo).

Match Type:Choose one of the following options:

- Web site:Choose this option if you want to allow access only to the exact

URL that you entered in the URL box. For example, if you entered

www.yahoo.com for the URL, then your users can access

www.yahoo.com, but they will be blocked from www.yahoo.com.uk or

www.yahoo.co.jp.

- URL keyword: Choose this option if you want to allow access to any URL

that includes the keyword that you entered in the URL box. For example,if you enteryahoo for the URL, then your users can access websites such

as www.yahoo.com, tw.yahoo.com, www.yahoo.com.uk, and

www.yahoo.co.jp.


31/82


Configuring Overflow Control


3

STEP 6 ClickApply or Save Settings to save the settings. The details will appear in the

Approved Clients List.

NOTE If your Configuration Utility includes all Web Protection settings onone page, you can save the settings after configuring all of the desired


Configuring Overflow Control

Overflow Controls determines how ProtectLink handles excess URL requests.

During periods of overflow, you can either block the requests or to bypass URL

Filtering. Blocking the requests is the default setting and is recommended to

ensure that URL Filtering continues to protect your business during busy periods.

To configure Overflow Control:


in.

STEP 2 ClickProtectLink in the menu bar, and then clickWeb Protection > Overflow

Control in the navigation tree.

NOTE If your Configuration Utility does not include a left navigation tree, clickProtectLink and then choose Web Protection. Then scroll down to the

Overflow Control area of the page. The layout will vary from the illustration


32/82


Configuring Web Threat Protection (Web Reputation)


3

STEP 3 Choose one of the following options:

Temporarily block URL requests: Choose this option to manage overflow

by temporarily blocking all new website requests. This setting isrecommended.

Temporarily bypass URL requests: Choose this option to manage overflow

by temporarily bypassing URL Filtering for new website requests.

STEP 4 ClickApply or Save Settings to save the settings.




Configuring Web Threat Protection (Web Reputation)

If you enable Web Threat Protection (also called Web Reputation), you can choose

the security level.

To configure Web Threat Protection:

STEP 1 Launch the Configuration Utility for your router or security appliance, and log in.

STEP 2 ClickProtectLink in the menu bar, and then clickWeb Protection > Web Threat

Protection in the navigation tree.


ProtectLink and then choose Web Protection. Then scroll down to the Web

Reputation area of the page. The layout will vary from the illustration.


33/82


Configuring URL Filtering


3

STEP 3 To enable this feature:

Check the Enable Web Threat Protectioncheck box.NOTE On some models, this check box appears at the top of the Web

Protection page.

Select the Security Level for Web Reputation:

- High: Blocks a greater number of web threats but increases the risk of

false positives. In other words, you may block websites that are safe.

- Medium: Blocks most web threats and does not create too many false

positives. This setting is recommended.

- Low: Blocks fewer web threats, but reduces the risk of false positives.

STEP 4 ClickApply to save your settings.





You can use URL Filtering to restrict access to specified URLs. You can set

different URL Filtering options for your business hours and your non-business

hours.

To configure URL Filtering:


in.

STEP 2 ClickProtectLink in the menu bar, and then clickWeb Protection > URL Filtering

in the navigation tree.


ProtectLink and then choose Web Protection. Then scroll down to the URL

Filtering area of the page. The layout will vary from the illustration.


34/82




3

STEP 3 To enable URL Filtering, check the Enable URL Filtering box.

STEP 4 In the Filtered Categories table, choose the categories and hours for filtering.

Filtered Categories: If you want to see the sub-categories, click the

expansion + button next to the Category name. Business Hours: For each category or sub-category, check the box to

activate URL Filtering during the Business Days and Business Times that you

will define on this page.

Leisure Hours: For each category or sub-category, check the box to activate

URL Filtering during non-business hours. Non-Business Hours are the days

and times that are not included in the specifiedBusiness Days and Business

Times.


35/82


License Status and Renewal


3

STEP 5 Define the Business Hours for URL filtering by choosing the Business Days and

Business Times:

Business Days: Check the box for each day that you want to include in yourBusiness Hours. All days that are not selected will be considered Leisure

Hours for the purpose of URL filtering.

Business Times:Choose from the following options:

- All Day (24 hours): Choose this option if you want your Business Hours

to include all hours in the specified day.

- Specify Business Hours: Choose this option if you want your Business

Hours to be restricted to specified time periods. Then choose the

Morning and Afternoon time periods. All hours that are not included in

these ranges will be considered Leisure Hours for the purpose of URLfiltering.

Morning: Check the box to specify the morning hours (before noon). Use

the From and To drop-down lists to specify the range of Business Hours

for the morning.

Afternoon: Check the box to specify the afternoon hours. Use the From

and To drop-down lists to specify the range of Business Hours for the

afternoon.

STEP 6 ClickApply to save your settings.





From the Configuration Utility for your router or security appliance, you can review

your license status, renew your license, and add seats to your ProtectLink account.This section includes the following tasks:

Reviewing the License Status, page 36

Renewing a License, page 37

Adding Seats, page 44


36/82




3

Reviewing the License Status

To review license information:


in.

STEP 2 Click the ProtectLink on the menu bar, and then clickLicense > Summary in the

navigation tree.


ProtectLink, and then choose License, to view the License Information

table. The layout will vary from the illustration.

The status of the license is indicated by the status icon and the status messagenear the top of the page.

Cisco ProtectLink Service is Active.

Cisco ProtectLink Service will expire in 30 days.

Cisco ProtectLink Service has expired.


37/82




3

STEP 3 ClickUpdate Information to update your license information. Your license

information is updated and stamped with a date indicating when the license

information was last updated.

STEP 4 Click the View detailed license online link to view more details of your product

license.

The My Product Details Web page appears.

Renewing a License

NOTE Before you can perform this procedure, you must first purchase an Extension Key

(EK) from your Cisco reseller.

To renew your license:


in.

STEP 2 ClickProtectLinkon the menu bar, and then clickLicense > Renewal in thenavigation tree.


38/82




3


ProtectLink and then choose License. Find the Renew button below the

License Information table.

STEP 3 Depending on the model, click either the link or the Renew button to launch the

web portal and register your extension key.

The Online Registration Web page appears.


39/82




3

STEP 4 Enter your ProtectLink Gateway Service login ID and password, and then click

Login.

The My Products page appears.

STEP 5 ClickRenew Product.

The Renew Licenses > Step 1 of 4: Select Product page appears.


40/82




3

STEP 6 Select the license to renew, and then clickNext.

The Renew Licenses > Step 2 of 4: Enter Extension Key page appears.


41/82




3

STEP 7 Enter the Extension Key for the product you wish to renew (ProtectLink), and then

clickNext.

The Renew Licenses > Step 3 of 4: Confirmation page appears.


42/82




3

STEP 8 Check your current product and Extension Key information, and then clickSubmit.

The Renew Licenses > Step 4 of 4: Update Activation Code page appears,

indicating that you have successfully renewed your license.

STEP 9 To complete the renewal process, return to the Configuration Utility for your router

or security appliance. It should still be available in another window of your web

browser.

STEP 10 ClickProtectLinkon the menu bar, and then clickLicense > Summary in thenavigation tree.

NOTE If your Configuration Utility includes all License features on one

License page, clickProtectLink and then choose License.


43/82




3

STEP 11 In the License Information table, clickView detailed license online.The My Product Details page appears, indicating your ProtectLink product details

and the new license expiration date.

STEP 12 Return to the Configuration Utility for your router or security appliance. It should

still be available in another window of your web browser. The License Information

table should still be displayed.

STEP 13 ClickUpdate Information. Your License Information is updated, indicating your

new ProtectLink expiration date.


44/82




3

Adding Seats

NOTE Before you can add a seat, contact your Cisco reseller to purchase an additional

Registration Key (RK).

To add seats to your license:


in.

STEP 2 ClickProtectLinkon the menu bar, and then clickLicense > Add Seat in thenavigation tree.


ProtectLink and then choose License. Find the Add Seat button below the

License Information table.


45/82




3

STEP 3 Depending on the model, click either the link or the Add Seat button to launch the

web portal and register your extension key.

The Online Registration Web page appears.


46/82




3

STEP 4 Enter your ProtectLink Gateway Service login ID and password, and then click

Login.

The My Products page appears.


47/82




3

STEP 5 Click the Register New Product/Add Seat button above the table.

The Register New Product > Step 1: Enter Registration Key page appears.


48/82




3

STEP 6 Enter your Registration Key and Purchase Date, and then clickNext.

The Register New Product > Step 2: Verify Product or Service Information page

appears, with the new Seats showing in the Registration table.

STEP 7 Verify your product or service information.

STEP 8 ClickYes or No to answer the question, Have you installed an evaluation copy of

any of the products you are registering?


49/82




3

STEP 9 If the information is correct, clickNext.

The Register New Product > Step 3: Similar Product Check page appears.

STEP 10 Select the required license, and then clickAdd Seats to Selected License.

The Register New Product > Step 4 of 6: Confirm Adding Seats page appears.


50/82




3

STEP 11 ClickNext to confirm the changes highlighted in red.

The Register New Product > Step 5 of 6: License Terms page appears.

STEP 12 ClickI Accept, and then clickSubmit.

The Register New Product > Step 6 of 6: Updating Activation Code page appears


51/82


Enabling the System Log and Outbound Blocking Event Log


3

STEP 13 When these steps are completed, your account is updated and will accommodate

the new seats.


ProtectLink Gateway can provide a system log (syslog) as well as an Outbound

Blocking Event log for all outbound events that it blocks. Enable these features to

maintain the logs.

To enable the syslog and the Outbound Blocking Event Log:


in.

STEP 2 Click the Administrationon the menu bar, and then clickLogging > RemoteLoggingin the navigation tree.


Administration, and then choose Log. Then scroll down to the Syslog area

of the page. The layout will vary from the illustration.


52/82




3

The Remote Logging Config page appears.

STEP 3 In the Syslog Server field, enter the name or IP address of the syslog server.

NOTE If your Configuration Utility includes an Enable Syslog check box,

check the box to enable this feature.

STEP 4 ClickApply or Save Settings to save your settings.

STEP 5 To view the logs, use one of the following methods, depending on the model:

In a Configuration Utility with the left navigation tree, clickStatus on themenu bar, and then clickView Logs > Policy Enforcement Logs in the

navigation tree.

In a Configuration Utility with the Administration > Log page, click the View

Logbutton near the bottom of the page.


53/82




3

The Log page appears, where you can view All, System, Access, Firewall, and

VPN logs page by page.


54/82

4


Configuring and Managing Email Protection

Use the web portal to configure and manage email protection:

Launching the Web Portal for Email Protection, page 54

Features of the IMHS Web Portal, page 56

Viewing Reports, page 57

Working with Policies, page 59

Managing the Approved Senders, page 63

Managing the Quarantined Messages, page 65

Working with the Mail Tracking Logs, page 69

Administration Tasks in the IMHS Console, page 71

Launching the Web Portal for Email Protection

From the Configuration Utility for your router or security appliance, you can launch

the web portal for Trend Micro IMHS.


in.

STEP 2 ClickProtectLink in the menu bar, and then clickEmail Protection in the navigation

tree.

NOTE If your Configuration Utility does not include a left navigation bar, click

ProtectLink and then choose Email Protection. The layout will vary from the

illustration.


55/82


Launching the Web Portal for Email Protection


4

The Email Protection page appears.

STEP 3 Click the link on the page to launch the web portal for Trend Micro IMHS: https://

us.imhs.trendmicro.com/cisco.

The Trend Micro IMHS login page appears.

STEP 4 Enter the Username and Password that you received when you activated the

Cisco ProtectLink Gateway, and then clickLog On.

The IMHS web portal appears, with the Report > Dashboard displayed.

NOTE After you have logged onto IMHS for the first time, Cisco recommends changingyour password to help ensure the security of your IMHS account. See the

Changing a User Password section on page 73 for details.
https://us.imhs.trendmicro.com/ciscohttps://us.imhs.trendmicro.com/ciscohttp://-/?-http://-/?-https://us.imhs.trendmicro.com/ciscohttps://us.imhs.trendmicro.com/cisco


56/82


Features of the IMHS Web Portal


4

Features of the IMHS Web Portal

The IMHS web portal allows you to create reports, view logs, performadministrative tasks, and review policies. The console is illustrated in Figure1.

Figure 1 IMHS Web Portal

In the page displayed above, the user interface includes the following tools:

Navigation Menu:Click menu items in the Navigation Menu to access

working pages within the IMHS web portal. When clicked, menu items with

right arrows open to reveal additional submenu items.

Dashboard / Tab Graph Specifics:Click a graph in the Dashboard or its

respective Tab, which displays details about the specific IMHS action.

Managed Domain:The domain shown in the Dashboard is the currentdomain. Select other domains in the Managed Domain popup menu.

Online Help:Help is available in three ways: through the Online Help popup

menu, through the context-sensitive? button, and through the Email to

support email link. Using the Online Help popup menu you can download

the IMHS manuals and access other help tools.
http://-/?-http://-/?-


57/82


Viewing Reports


4

Log On Status:Displays the name of the log on account.

Log Off Link :Click the Log Off link to log out of the IMHS web portal.

Refresh page:Click the Refresh link to refresh the page.

NOTE A full treatment of all the Email Protection features in IMHS is beyond the scope of

this guide. For more details, refer to the Trend Micro InterScan Gateway Hosted

Security 1 Getting Started Guideand the Trend Micro InterScan Gateway Hosted

Security 1 End User Guide located at the following URL:

http://www.trendmicro.com/download/.

Viewing Reports

Many reports are available to help you analyze the results of your Email Protection

STEP 1 Launch the web portal for IMHS, and log in.

NOTE For more information, see Launching the Web Portal for Email

Protection, page 54.

The Report > Dashboard page appears by default. You also can find this page by

clicking Reports in the navigation menu.
http://www.trendmicro.com/download/http://www.trendmicro.com/download/


58/82


Viewing Reports


4

STEP 2 For specifics concerning particular IMHS actions, click the appropriate tab or

graphic in the Dashboard page. For example, click the Traffic or the Total Traffic

graphic to view the details page.

The details page appears. Refer to the following example of the Total Traffic page

Table1 describes the Dashboard / Tab page graphics.

Table1 Dashboard / Tab page Graphics

Graphic Name Tab Name Description

Total Traffic Traffic Shows the total blocked and accepted

email traffic for the selected domain

Accepted Size Size Shows the total size (in KB) of accepted

email traffic for the selected domain


59/82


Working with Policies


4


An IMHS policy is defined as a set of rules for a specific mail domain. Multiple rules

can exist for each domain (policy), but only a single policy can exist for any one

domain. Use the Policy menu to view the predefined policies governing your Email

Protection.




STEP 2 ClickPolicies in the navigation menu.

Threats

Summary

Threats Shows what percentage of specific types

of messages make up the email traffic for

the selected mail domain

Threats Details Details Shows detailed email traffic distribution for


Top Spam

Recipients

Top Spam Shows the top spam message recipients

for the selected mail domain

Top Virus

Recipients

Top Virus Shows the top virus message recipients for


Table1 Dashboard / Tab page Graphics

Graphic Name Tab Name Description (Continued)


60/82




4

The Policy page appears, displaying a list of the predefined Rules and the status

of each.

Figure 2 IMHS Policy / Spam Rule Settings

NOTE The administrators can see the rules that apply to their organization.

ProtectLink customers have read-only access and may view the default

policy and modify the Spam or Phish and Newsletter or spam-like rules.

The administrator may change the action taken on messages identified fromthe default action of Delete, Tag Subject, or Quarantine, as shown in the

Spam Rule Settings popup menu above.

STEP 3 Use the following features, as needed:

Use the column headings to change the sort order. The rules are displayed

in a table, sorted by the order in which the rules are applied during scanning

by IMHS. The contents of each table can be resorted by clicking a column

heading. If you want to change the order of the information in the table, click

any column heading. The information will be sorted in ascending order.

Refer to the icons in the Status column to see the status of a rule.


61/82




4

The ProtectLink (IMHS Standard) default policy settings are shown in Table 2.

Icon Status

Rule Enabled

Rule Disabled

Table 2 Standard Service Default Policy Settings

Rule Description

Rule 1 This rule is designed to protect the user from

viruses that are often spread by mass mailing

type campaigns. If a message is identified as

containing a virus that cannot be cleaned and

the message shows mass-mailing behavior,

then the entire email message, along with the

virus, is deleted.

Rule 2:

Exceeding message size or allowed

number of recipients.

This rule is designed to protect the systemfrom Denial of Service (DOS) and Zip of Death

attacks. If the size of the incoming message

exceeds the default limit of 10MB or it has

been sent to more than 50 recipients in the

organization, then the message is deleted.

Rule 3:

Spam or Phish

This rule is designed to catch spam or

phishing email messages. The default action

is to delete all messages identified as spam

or phishing email messages. All IMHS

customers have the ability to change thedefault action. It is highly recommend that

only the Delete or Quarantine actions are

used for this rule. All quarantined messages

are saved for seven days in the IMHS web-

accessible quarantine


62/82




4

Rule 4:

Virus-uncleanable

This rule is designed to protect the user from

viruses. If a message is identified as

containing a virus that cannot by cleaned,

then the virus attachment is deleted from the

email message before it is delivered.

Rule 5:

High-risk attachment

Disabled for Standard customers.

Rule 6:

Virus-cleanable

This rule is designed to protect the user from

viruses. If a message is identified as

containing a virus that can by cleaned, thenthe virus is removed from the email message

before it is delivered. If the virus cleaning

process is unsuccessful, then the virus

attachment is deleted.

Rule 7:

Newsletter or spam-like

This rule is designed to catch gray-mail

such as newsletters. The default action for

these spam-like email messages is to Tag

Subject (with Spam>). It is highly

recommend that only the Tag Subject or

Quarantine actions are used for this rule. All

quarantined messages are saved for seven

days in the IMHS web accessible quarantine.

Rule 8:

Password-protected zipped file

attachments

This rule is designed to allow advanced users

to configure the action taken to handle email

messages with password-protected zip file

attachments. By default, messages with

password-protected zip file attachment are

passed through to the recipient and a

notification is placed in the body of the mail

stating that the attached file was not scanned.

Table 2 Standard Service Default Policy Settings

Rule (Continued) Description (Continued)


63/82


Managing the Approved Senders


4


For each domain that you manage, you can specify the email addresses ordomains that you approve as senders. The emails that are received from these

approved senders will not be subject to all of the checks that are normally

performed on incoming emails.

ERS will not block any email messages from the senders (or domains)

specified.

Content-based heuristic spam rules will not apply to email messages

received from the specified senders or domains.

All virus, content-based, and attachment rules will apply.




STEP 2 ClickApproved Senders in the navigation menu.

The Approved Senders page appears.

STEP 3 To display the approved senders for a different managed domain, complete the

following tasks:

a. From the Managed Domain list, choose a particular domain that you manage, or

choose All Domains to see the Approved Senders for all domains.

b. ClickRefresh to display the approved senders for the selected domain.


64/82




4

STEP 4 To add a sender, complete the following tasks:

a. From the Managed Domain list, choose whether to approve this sender for All

Domains or for a particular domain.

b. Click in the Add box, and then enter an email address (in the format

[email protected]) or enter a domain (such as domain.com).

c. Click Approve Sender to add the sender to the list.

STEP 5 To edit an entry, complete the following tasks:

a. Click the entry.

b. Edit the text.

c. Click OK .

STEP 6 To delete an entry, complete the following tasks:

a. Click the check box for the entry.

b. ClickDelete.


65/82


Managing the Quarantined Messages


4


You can enter criteria to find quarantine messages for a particular recipient,domain, or sender. You can then choose whether to delete the messages or

release them from the quarantine.




STEP 2 ClickQuarantines in the navigation menu, and then clickQuery.

STEP 3 Enter your search criteria. You must enter a recipient, but you can enter additional

criteria.

Recipient: Enter the recipients email user name. For example, if the full email

address is [email protected], you would enter user.

Domain (unlabeled): Choose the domain from the drop-down list.

Sender (optional): Enter the full email address or the domain of the sender.

Display: Choose the number of messages to display per page. For faster

display, choose a lower number of messages on each page. Buttons allowyou to move through the pages.

STEP 4 ClickSearch.

The results appear in a table. The information includes that date, sender, and

subject line. You can change the sort order by clicking a column heading. The

results will be sorted in ascending order based on the selected heading.


66/82




4

STEP 5 To delete messages, complete the following tasks:

a. For each message that you want to delete, check the box in the first column of

the row.OR Select all messages on the page by checking the box in the first

column of the header row.

b. Click the Delete button above the table. All selected messages will be deleted

c. Repeat for the other pages of the display, as needed.

STEP 6 To release an item from the quarantine, complete the following tasks:

a. For each message that you want to release, check the box in the first column of

the row.

OR Select all messages on the page by checking the box in the first

column of the header row.

b. Click the Deliver (Not Spam) button above the table.

NOTE When a message is released from the quarantine, IMHS processes

the request but does not apply the anti-spam criteria. The message is

then sent. However, be aware that a message may be blocked by the

receiving email server, based on the messaging security policies that are

in effect. IMHS does not control these policies. In this case, the email will

not arrive in the recipients email Inbox.

c. Repeat for the other pages of the display, as needed.

Configuring the Summary Digest Mail for the Quarantine

Configure IMHS to send a summary digest email message to each recipient who

has quarantined messages. You can choose the frequency, day of the week, and

time to send this message. You also can control the content of the message. The

digest mail can list up to 100 quarantined messages and provides a link for the

recipient to access messages of interest.

A digest email is sent only if this feature is enabled.


67/82




4

To configure the summary digest mail:




STEP 2 ClickQuarantines in the navigation menu, and then clickSettings.

The Quarantine Settings page appears.

NOTE As illustrated in yellow, you can right-click any field in the Digest Mail

Template area to view the available tokens. Tokens are codes that you canuse to insert information such a the recipients own email address, the date

of the digest email, and other details. More information is provided in the

step-by-step procedure below.

STEP 3 To enable this feature, click the Disabled icon in the upper right corner of the page.

Now the button label is Enabled. You can disable the feature by clicking the button

again. (This feature is disabled by default.)


68/82




4

STEP 4 From the Managed Domain drop-down list, choose the domain for which the

digest email message will be created.

NOTE The domain used in the sender s email address must be the same asthe domain to which the email will be delivered.

STEP 5 Select the frequency for sending the digest email message by checking the Daily

check box or the individual boxes for the days of the week.

NOTE Quarantined email messages are retained for seven days.

STEP 6 Select a Time and Time Zone when the digest email message should be sent.

STEP 7 Enter the following information to configure the email message that will be sent:

NOTE To enter a token into a field, first click to place the cursor at the

insertion point. Then right-click in that position to view the list of codes thatcan be used. Click a code on the list to insert it.

Senders Email:Enter the email address to display in the header as the

sender of the email.

NOTE The default entry is the code %DIGEST_RCPT%, which

automatically inserts the recipients own email address in the From line of

the message.

Subject: Enter the text that appears in the digest email message subject line

NOTE The default entry includes Trend Micro IMHS quarantined spam,with the code %DIGEST_DATE% to insert the date of the email and the

code %DIGEST_RCPT% to automatically insert the recipients own email

address in the From line of the message.

HTML Content:Enter the body of the HTML message, for users that can

receive HTML email messages.

NOTE The default content includes HTML formatting tags that you can

modify if you know HTML. The content of this message is the same as the

default content in the TEXT Content box. The message includes the total

number of quarantined messages, using the code

%DIGEST_TOTAL_COUNT% . There is also a link that the user can click toconnect to the IMHS Web EUQ login page. After logging in with the

assigned username and password, the user can review the messages

and specify any messages to release from the quarantine.

TEXT Content: Enter a plain text version of the message, without HTML

formatting tags, for users that cannot receive HTML email messages.


69/82


Working with the Mail Tracking Logs


4

STEP 8 ClickSave to save your changes.


Use the Logs > Mail Tracking section to search for and view mail tracking logs

based on a specific date or date range, sender, and/or recipient. Mail tracking

information is only available for the previous five days.

The Mail Tracking feature allows you to locate any message within the system

using sender and recipient information. It shows the status and the action taken on

the message such as the following:

Blocked or delayed at the system edge by reputation service

Accepted for processing and deleted with a virus

Accepted, processed, and delivered

Unresolved

To view mail tracking logs:




STEP 2 ClickMail Tracking in the navigation menu.


70/82




4

The Mail Tracking - Inbound Traffic page appears.

STEP 3 Enter the criteria for the logs that you want to view:

Dates:Work from left to right to choose the start range and end range. Click

the calendar button to choose a date. For time, use the hh drop-down list to

choose the hour (from 0 to 23) and use the mm list drop-down list to choose

the minutes (from 0 to 59). The displayed time zone is based on the settings

for the computer that you are using.

Recipient: Enter the recipients email user name. For example, if the full email

address is [email protected], you would enter user.

Sender (optional): Enter the full email address or the domain of the sender.

STEP 4 ClickSearch.

The results appear.

STEP 5 Click a tab to choose the type of messages to view: Blocked Traffic, Accepted

Traffic, or Unresolved.


71/82


Administration Tasks in the IMHS Console


4


This section includes the following tasks:

Managing Passwords, page 71

Importing User Directories, page 74

Co-Branding to Display a Company Logo in the Web Portal, page 76

Managing Passwords

Administrators can change Admin Password and End User Passwords.

All IMHS passwords require between eight and 32 characters. Cisco stronglyrecommends the use of passwords that meet the following criteria:

Include multiple character types (a mix of letters, numbers, and other

characters).

Do not use recognizable formats (for instance, your birthday, license

number, or employee ID number.

Refer to the following topics:

Managing the Administrator Password, page 72

Changing a User Password, page 73


72/82




4

Managing the Administrator Password

To change the Admin Password, follow these steps:




STEP 2 ClickAdministration in the navigation menu, and then clickAdmin Password.

The Change Admin Password page appears.

STEP 3 Enter the following information:

Old password:Enter your current password.

New password: Enter a new password that includes between eight and 32

characters.

Confirm password: Enter the new password again.

STEP 4 ClickSave.


73/82




4

Changing a User Password

To reset an end-user password, follow these steps:




STEP 2 ClickAdministration in the navigation menu, and then clickEnd-user Password.

The Change End User Password page appears.

STEP 3 Enter the following information:

Registered end-users email address:Enter the first part of the email

address. For example, if the address is [email protected], enter user.

New password: Enter a new password that includes between eight and 32

characters.

Confirm password: Enter the new password again.

NOTE The end-user will need to know the new password to log in. The

system sends the end-user an email with an activation URL.


74/82




4

Importing User Directories

Importing user directories into IMHS can help prevent spam attacks that send

emails to invalid addresses on your domain. For example, in a Directory HarvestAttack (DHA), a spammer sends emails to all possible user names on a domain.

When the server returns bounce messages for the invalid addresses, the

spammers can deduce which email addresses were valid, and can use this list of

addresses for future attacks.

Importing user directories lets IMHS know legitimate email addresses and

domains in your organization. IMHS will not forward messages for invalid

addresses.

You can import directory files that are in the following formats:

LDAP Data Interchange Format (LDIF: .ldf)

Comma-separated Values (CSV: .csv) files.

To import a user directory file, follow these steps:




STEP 2 ClickAdministration in the navigation menu, and then clickDirectory

Management.

The Directory Management page appears.


75/82




4

This page has two sections:

Import User Directory:Selections for importing a new user directory file.

Imported User Directories:The current user directory file(s) that IMHS is

using. IMHS replaces one mail domain users at a time. Users may be a

combination of multiple user directories.

STEP 3 In the Import User Directory section, enter the following information about the

directory that you want to import:

Format:Select the format type: LDIF or CSV.

Name: Enter a descriptive name for the file. File location: ClickBrowse and select the file on your computer.

STEP 4 ClickVerify File.

After the progress bar completes, a summary page appears, showing the

following information:

Summary :A summary of the information that you provided.

Domains and Number of Current Users to Replace Current Users:The

domains that you specified when you subscribed to the IMHS service.

Invalid domains:Domains that are included in your directory file, but are not

officially used on your IMHS service. IMHS cannot provide service for these

domains and their corresponding email addresses.

STEP 5 ClickImport.

NOTE There are best practices for exporting and importing directories in

IMHS, as well as for administration and user directory verification. For details

on these practices, see the Trend Micro InterScan Messaging Hosted

Security 1 Getting Started Guide, pages 3-23 to 3-26.)
http://tw.trendmicro.com/imperia/md/content/us/pdf/products/enterprise/interscanmessaginghostedsecurity/imhs_1.0_gsg_post_2007_4_27.pdfhttp://tw.trendmicro.com/imperia/md/content/us/pdf/products/enterprise/interscanmessaginghostedsecurity/imhs_1.0_gsg_post_2007_4_27.pdfhttp://tw.trendmicro.com/imperia/md/content/us/pdf/products/enterprise/interscanmessaginghostedsecurity/imhs_1.0_gsg_post_2007_4_27.pdfhttp://tw.trendmicro.com/imperia/md/content/us/pdf/products/enterprise/interscanmessaginghostedsecurity/imhs_1.0_gsg_post_2007_4_27.pdfhttp://tw.trendmicro.com/imperia/md/content/us/pdf/products/enterprise/interscanmessaginghostedsecurity/imhs_1.0_gsg_post_2007_4_27.pdf


76/82




4

Co-Branding to Display a Company Logo in the Web Portal

IMHS allows the user to display a company logo in various places within the web

portal. When this feature is enabled, the selected logo appears in the followingplaces:

The banner bar of the IMHS login page

The left navigation pane of the IMHS GUI after you log in

The banner bar of the IMHS Web EUQ login page

The left navigation pane of the IMHS Web EUQ GUI after you log in

NOTE Resellers can set different logos for different domains, or allow

system administrators of the domain to set the logo for that domain,

separately from the reseller logo. The logo selected for a domain also

displays in the banner bar and navigation pane of the IMHS Web EUQ

associated with that domain.

Users at the reseller level may set different domains with the same logo, different

logos, or allow the domain administrators to set the logo to be displayed for their

domain. Resellers can also leave the feature disabled.

Verify that your logo image meets the following requirements:

Image height: 45 pixels

Image width: 45-150 pixels

Image file format: .gif, .jpg, or .png


77/82




4

To display your logo, follow these steps:




STEP 2 ClickAdministration in the navigation menu, and then clickCo-branding.

The Co-branding page appears.

STEP 3 To enable this feature, click the Disabled icon in the right corner of the page. The

icon label is now Enabled. Later if you need to disable this feature, click the

Enabled icon. This feature is disabled by default.

STEP 4 From the Managed Account/Domain drop-down list, select the account or

domain that will display the logo.

STEP 5 ClickBrowse, and select the logo file on your computer.

STEP 6 ClickSave.


78/82

5


Terminology

Computer security is a rapidly changing subject. Administrators and information

security professionals invent and adopt a variety of terms and phrases to describe

potential risks or uninvited incidents to computers and networks. The following is a

discussion of these terms and their meanings as used in this document:

Viruses/Malware, page 78

Spyware/Grayware, page 79

Spam, page 80

Phishing Incidents, page 80

Mass-Mailing Attacks, page 81

Viruses/Malware

A computer virus is a program a piece of executable code that has the unique

ability to replicate. Viruses can attach themselves to just about any type of

executable file and are spread as files that are copied and sent from individual to

individual.

In addition to replication, some computer viruses share another commonality: a

damage routine that delivers the virus payload.

While payloads may only display messages or images, they can also destroy files,

reformat your hard drive, or cause other damage.

The Cisco ProtectLink Gateway Service can detect viruses/malware in email

messages. The Cisco recommended action for viruses/malware is clean.

BackdoorsA backdoor is a method of bypassing normal authentication,

secur

Documents

Cisco ProtectLink™ Gateway 1.0 - Admin Guide